Collabora NextCloud issue

      iamthefij
      App Dev
      wrote on last edited by girish
      #1

      Ok, so I've been racking my brain on this one for a while and can't figure it out.

      I've got NextCloud installed at cloud.mydomain.com, and Collabora installed at docs.mydomain.com. I've updated Collabora to allow framing by https://cloud.mydomain.com as well as updated the host name in the app itself. I've also installed the Collabora app in NextCloud as well as told it to look at https://docs.mydomain.com.

      This had been working for a while. Today I noticed it just kept spinning when trying to view a doc and see in the JavaScript console the following perplexing line:

      Loading denied by X-Frame-Options: https://md.mydomain.com/ does not permit framing by https://cloud.mydomain.com/apps/files/?dir=/path/to/doc
      

      What?! I do have an app (CodiMD) hosted at md.mydomain.com, however, that is something completely irrelevant. Just in case, I updated it to allow framing in https://cloud.iamthefij.com, but that doesn't seem to have helped either.

      From there I started debugging. I grepped the /app directories for md.mydomain.com in both my NextCloud and Collabora containers, but found nothing. I tried renaming md.mydomain.com to md2.mydomain.com, but I got the exact same error:

      Loading denied by X-Frame-Options: https://md.mydomain.com/ does not permit framing by https://cloud.mydomain.com/apps/files/?dir=/path/to/doc
      

      On the other hand, when I rename docs.mydomain.com to docs2.mydomain.com, I get a NextCloud error that it can't connect to Collabora!

      So it seems like NextCloud is connecting to Collabora, but for some reason it's then trying to load a different host...

        murgero
        App Dev
        wrote on last edited by
        #2

        @iamthefij Can you try resetting Collabora? If you leave the default settings, it only allows connections from your domain anyway.

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~

          nebulon
          Staff
          wrote on last edited by
          #3

          I cannot think of anything causing nextcloud to iframe some random other domain. As @murgero said reinstalling collabora on the same domain should fix this, as the defaults should be ok already.

            iamthefij
            App Dev
            wrote on last edited by
            #4

            Tried that, but it did not fix it. For some reason it still shows the same thing.

            FYI, the default is insecure. [a-zA-Z0-9_\-.]*example.com would actually allow someone to use a malicious domain like fake-example.com and use the instance as it would match that regex. It should really be example.com|[a-zA-Z0-9_\-]+.example.com. That way it's checking for root domain or any subdomain with a dot before the domain.

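Added example, not part of the original posts: the two allow-list patterns quoted in post #4, plus a variant with the dots escaped, checked against constructed hostnames. It assumes the allow-list is matched against the whole hostname; `ESCAPED`, `HOSTS` and the function names are introduced here for illustration.

```python
import re

# Patterns exactly as quoted in post #4.
DEFAULT = r"[a-zA-Z0-9_\-.]*example.com"
PROPOSED = r"example.com|[a-zA-Z0-9_\-]+.example.com"
# Added variant (not from the thread): same intent, dots escaped.
ESCAPED = r"example\.com|[a-zA-Z0-9_\-]+\.example\.com"

# Constructed hostnames: two legitimate, four that should be refused.
HOSTS = [
    "example.com",
    "cloud.example.com",
    "fake-example.com",        # different registrable domain
    "cloud.examplexcom",       # only passes if '.' means "any character"
    "example.com.evil.test",   # allowed name used as a prefix
    "a.b.example.com",         # two labels deep
]


def allowed(pattern, host):
    """Whole-string match (assumption about how the allow-list is applied)."""
    return re.fullmatch(pattern, host) is not None


def unexpected(pattern, hosts, base="example.com"):
    """Hosts the pattern accepts that are neither base nor a subdomain of it."""
    return [
        h for h in hosts
        if allowed(pattern, h) and not (h == base or h.endswith("." + base))
    ]


def report(hosts=HOSTS):
    """Map each pattern name to the out-of-domain hosts it lets through."""
    patterns = {"default": DEFAULT, "proposed": PROPOSED, "escaped": ESCAPED}
    return {name: unexpected(p, hosts) for name, p in patterns.items()}


if __name__ == "__main__":
    for name, leaks in report().items():
        print(f"{name:9s} accepts out-of-domain hosts: {leaks}")
```

An unescaped `.` matches any character, including `-`, so the separator before `example.com` has to be written `\.` for the subdomain check to hold.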
              iamthefij
              App Dev
              wrote on last edited by
              #5

              Just tried in Safari and got much more detailed information:

              [Error] Invalid 'X-Frame-Options' header encountered when loading 'https://cloud.example.com/apps/richdocuments/index?fileId=11418&requesttoken=blah': 'ALLOW-FROM https://md.example.com' is not a recognized directive. The header will be ignored.
              [Error] Invalid 'X-Frame-Options' header encountered when loading 'https://docs.example.com/loleaflet/blah/loleaflet.html?WOPISrc=https%3A%2F%2Fcloud.example.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11418_blah&title=Test.odt&lang=en&closebutton=1&revisionhistory=1': 'ALLOW-FROM https://cloud.example.com' is not a recognized directive. The header will be ignored.
              

              It looks like both are trying to frame each other. When I did check my settings for cloud.example.com, I saw that I had allowed cloud.example.com to be embedded in md.example.com, so I'm wondering if that's where this is coming from.

              Updated both to allow embedding from each other now.

              Oddly enough I still get errors saying framing is not allowed.

              Firefox gives me:

              Load denied by X-Frame-Options: https://docs.example.com/ does not permit framing by https://cloud.example.com/apps/files/?dir=/Documents
              

              Safari gives me:

              [Error] Invalid 'X-Frame-Options' header encountered when loading 'https://cloud.example.com/apps/richdocuments/index?fileId=11418&requesttoken=blah%3D%blah%blah%3D': 'ALLOW-FROM https://docs.example.com' is not a recognized directive. The header will be ignored.
              [Error] Invalid 'X-Frame-Options' header encountered when loading 'https://docs.example.com/loleaflet/blah/loleaflet.html?WOPISrc=https%3A%2F%2Fcloud.example.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1141blah&title=Test.odt&lang=en&closebutton=1&revisionhistory=1': 'ALLOW-FROM https://cloud.example.com' is not a recognized directive. The header will be ignored.
              

              The header itself shows X-Frame-Options: ALLOW-FROM https://cloud.example.com... which looks right.

                iamthefij
                App Dev
                wrote on last edited by
                #6

                More debugging weirdness! Looks like the Safari errors can be ignored. The iframe actually seems to be loading fine. I tested using my external link to Gitea embedded in NextCloud. It renders just fine, but the errors still show in the log. Weird.

                Then, within the Collabora frame inside NextCloud, I was getting an error saying:

                Failed to read document from storage. Please contact your storage server (cloud.example.com) administrator.

                Turns out that was related to opening a new document. It now works in Safari with older documents but new documents won't work.

                Firefox still gives me the previous error, though I just noticed there is also a different error present, so maybe the X-Frame-Options one is a red herring.

                Load denied by X-Frame-Options: https://docs.example.com/ does not permit framing by https://cloud.example.com/apps/files/.
                Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
                

                Sorry, this is a lot of info. I'm just dumping it all as I debug for someone's future reference (probably mine).

                  girish
                  Staff
                  wrote on last edited by
                  #7

                  @iamthefij I don't know if this is related, but we have an open task to move away from X-Frame-Options which seems to be deprecated - https://git.cloudron.io/cloudron/box/issues/596

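Added example, not part of the original posts or of Cloudron's code: a header check for the situation in posts #5 to #7, where `X-Frame-Options: ALLOW-FROM ...` is reported as unrecognized and ignored. It classifies a response's framing policy and gives the equivalent `Content-Security-Policy: frame-ancestors` value; the function names and status labels are introduced here, and the sample header is the value quoted in post #5.

```python
# Constructed sample: the header value quoted in post #5.
SAMPLE = {"X-Frame-Options": "ALLOW-FROM https://cloud.example.com"}


def frame_ancestors(csp):
    """Return the source list of the frame-ancestors directive, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def audit_framing(headers):
    """Classify a response's framing policy.

    Returns (status, suggested_csp). status is one of:
      'csp'     - frame-ancestors is present and is what browsers enforce
      'xfo'     - only X-Frame-Options DENY/SAMEORIGIN is present
      'ignored' - X-Frame-Options is present but browsers discard it
      'none'    - no framing restriction is sent at all
    suggested_csp is the frame-ancestors equivalent when one can be derived.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if frame_ancestors(h.get("content-security-policy", "")) is not None:
        # When both are sent, frame-ancestors takes precedence over XFO.
        return "csp", None
    xfo = h.get("x-frame-options", "")
    if not xfo:
        return "none", None
    value = xfo.split()
    keyword = value[0].upper()
    if keyword == "DENY":
        return "xfo", "frame-ancestors 'none'"
    if keyword == "SAMEORIGIN":
        return "xfo", "frame-ancestors 'self'"
    if keyword == "ALLOW-FROM" and len(value) == 2:
        # Browsers without ALLOW-FROM support drop the whole header,
        # so the response is framable by any origin.
        return "ignored", "frame-ancestors " + value[1]
    return "ignored", None


if __name__ == "__main__":
    print(audit_framing(SAMPLE))
```

A status of `ignored` means the page is effectively unprotected against framing in those browsers until the suggested `frame-ancestors` directive is sent.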